ParkingAndMail written at 00:18:24
A small wish about parked and squatted domains
One of the things that clutters up the modern Internet is all of the parked and (typo-)squatted domains that are floating around, and along with them all of the domain name variants that legitimate domain owners have picked up to defend themselves from the typo-squatters. Sometimes it feels like putting any vaguely word-like name in a browser will wind you up somewhere, often on an ad-filled landing page. (And let's not mention what happens to old domains whose registrations are allowed to lapse.)
As a sysadmin, I've found that these domains pollute my life in more ways than the obvious. You see, our users don't just make typos in the names of websites; they make typos in email domain names too, or they mistakenly use a domain name that the real owner has only set up for anti-typo-squatting purposes. Many of these parked websites are on hosts that are running mailers that will immediately reject our email, which is fine (indeed, it's what I want to happen). But some of the parked websites either don't run a mailer or have firewalls that drop incoming SMTP connections.
(And no doubt some of these domains are running mailers that will gleefully accept the email. I try not to think about those, since there's not much I can do about it.)
This makes me sad on behalf of my users. Now, when they typo one of these domains or worse yet use the 'wrong' domain name (one set up purely for defensive purposes instead of for real use), they won't get an immediate bounce that tells them they made a mistake and they should resend their message to the right place. Instead the email sits around for days, trying to be delivered to a destination that's never going to accept it. When it finally times out, they won't get any real suggestion about what's wrong unless they happen to notice their addressing mistake.
You can guess what my small wish is, I'm sure. Since these domains don't actually want to get email, it would be nice if they would make it fail fast. This wouldn't even require them to run a do-nothing, refuse-everything mailer (with the attendant potential security risk); they could get the same effect with a suitable MX entry (as some of the 'good' parked domains do).
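How a sending mailer treats a domain depending on its DNS records, as an added example that is not part of the original post. The post does not say which MX entry it has in mind; this sketch assumes the null MX of RFC 7505 (`MX 0 .`), and every domain name and address in it is constructed sample data.

```python
# Added example: classify how a standards-following sender handles mail for a
# domain from its DNS records. The null MX form (RFC 7505) is an assumption;
# all names and addresses below are constructed, using reserved example ranges.
from collections import defaultdict

SAMPLE_ZONE = """\
; constructed records
typo-parked.example.   IN A   192.0.2.10
defensive.example.     IN A   192.0.2.20
defensive.example.     IN MX  0 .
real.example.          IN A   192.0.2.30
real.example.          IN MX  10 mail.real.example.
unused.example.        IN TXT "v=spf1 -all"
"""

def parse_records(text):
    """Return {domain: {rtype: [rdata, ...]}} from 'name IN type rdata' lines."""
    zone = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        name, _cls, rtype, rdata = line.split(None, 3)
        zone[name.rstrip(".").lower()][rtype.upper()].append(rdata.strip())
    return zone

def classify(zone, domain):
    """Describe what the sender does with mail addressed to `domain`."""
    recs = zone.get(domain.rstrip(".").lower(), {})
    mx = []
    for rdata in recs.get("MX", []):
        pref, target = rdata.split()
        mx.append((int(pref), target))
    # Null MX: exactly one MX record, preference 0, target "."
    if mx == [(0, ".")]:
        return "fast-fail: null MX, sender bounces without connecting"
    if mx:
        return "deliver: try MX hosts in preference order"
    # No MX: RFC 5321 falls back to the address record (implicit MX),
    # so SMTP is aimed at the parked web host itself.
    if recs.get("A") or recs.get("AAAA"):
        return "implicit MX: sender tries SMTP to the web host"
    return "fast-fail: no MX and no address record"

if __name__ == "__main__":
    zone = parse_records(SAMPLE_ZONE)
    for d in ("typo-parked.example", "defensive.example", "real.example"):
        print(f"{d:22} {classify(zone, d)}")
```

The `implicit MX` case is the one that hurts: if the web host silently drops SMTP connections, the message sits in the queue until it times out.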
I know, I'm dreaming. These domain owners don't care, any more than various other sorts of spammers do.
(I have more hope for the people who've just gotten variants of their
main domain name as a defensive measure; the trouble is getting their
attention. You might think that significant Internet companies would be
aware of this issue already, but apparently not always. For example,
PS: we have a feature in our mailer specifically to fast-fail such typo'd domains, but of course we have to maintain the list of domains by hand and it's somewhat dangerous to add a domain to the list.
SpammerPersistenceIllustrated written at 01:40:31
The persistence of spammers, illustrated
Recently, I saw the following line in the SMTP logs of one of my machines:
In the old days, software tended to put more information into various identifiers than it usually does today. One of the vaguely convenient things that this does is that it provides a way to carbon-date certain sorts of spammer behavior.
As you might guess, this particular identifier dates from August of 1989. It is not a valid email address and in fact has never been a valid email address, because it is (or was) a Usenet message-id. Nevertheless, spammers have kept it around for almost 22 years now (and have, as it turns out, repeatedly tried to mail it over the past couple of years). At this point, I expect that they will keep trying to do this for as long as there is an MX record for ziebmef.mef.org.
(It's almost enough to make me curious about what sort of spam they're trying to send it. In theory it would be relatively easy to find out, at least for that specific address.)
I knew that spammers were persistent and that addresses they'd grabbed tended to never stop getting spam. But it's one thing to know it and another thing to see it in my logs, right there in front of me.
(To save curious parties the effort of looking: Google Groups doesn't have that message-id.)